Firewall Wizards mailing list archives
Re: ssh holes? Trojans? [long]
From: "Robert Collins" <robert.collins () itdomain com au>
Date: Thu, 21 Sep 2000 09:53:00 +1100
<snip>
All in all, though, it's sucky. You can't make it work if the clients
don't
want to let you make it work. This is probably why there is nothing around that does what you want. If you were to provide a non-transparent SSH gateway, that might work. Clients can telnet (or SSH) to your gateway, and from there start a new
SSH
connection to the outside world. You could then snoop the traffic before
it
entered the second tunnel. They still get the protection of SSH over the Internet and you still get to snoop the traffic. This requires user co-operation, though. You can't do it in secret. I'll leave the fine
details
as an exercise ;)
And hope they don't then run an end-end secure protocol htru that gateway. Like uhmm, ssh :-] _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 20)
- Re: ssh holes? Trojans? [long] Magosányi Árpád (Sep 22)
- Re: ssh holes? Trojans? [long] Robert Collins (Sep 22)
- <Possible follow-ups>
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 25)
- Re: ssh holes? Trojans? [long] Magosányi Árpád (Sep 26)
- RE: ssh holes? Trojans? [long] sean . kelly (Sep 25)
- RE: ssh holes? Trojans? [long] Ben Nagy (Sep 26)